Pradeep KNS wrote: > Hi, > I have installed an ipa with internal dns.After installing updated > entries on dns as well. > > My main criteria is to communicate with ipa clients with ssh keybased > authentication which is working fine. > > Today i tot of i want to test with password based authentication which > is not happening.I dont know where i am missing > > > [[email protected] <mailto:[email protected]>]# ipa --version > VERSION: 4.10.1, API_VERSION: 2.251 > [[email protected] <mailto:[email protected]>]# > > ********************** PREVIOUS MESSAGE WAS TRIGGERED BY THE FOLLOWING > BACKTRACE: > * (2023-11-23 19:33:16): [krb5_child[11588]] [tgt_req_child] > (0x1000): [RID#15] Password was expired
The user's password is expired. IPA intends that only the end-user knows their password. So if it is set or reset by an administrator the user will need to change it. Is the user not prompted to reset it? rob > * (2023-11-23 19:33:16): [krb5_child[11588]] [sss_krb5_responder] > (0x4000): [RID#15] Got question [password]. > * (2023-11-23 19:33:16): [krb5_child[11588]] [map_krb5_error] > (0x0020): [RID#15] 2138: [-1765328324][Generic error (see e-text)] > ********************** BACKTRACE DUMP ENDS HERE > ********************************* > > ssh log > > Nov 23 19:33:16 test-example.com <http://test-example.com> sshd[11586]: > pam_sss(sshd:auth): authentication failure; logname= uid=0 euid=0 > tty=ssh ruser= rhost=10.10.1.1 user=harsh > Nov 23 19:33:16 test-example.com <http://test-example.com> sshd[11586]: > pam_sss(sshd:auth): received for user harsh: 4 (System error) > Nov 23 19:33:18test-example.com <http://18test-example.com> sshd[11584]: > error: PAM: Authentication failure for harsh from 10.10.1.1 > Nov 23 19:33:20 test-example.com <http://test-example.com> sshd[11584]: > Connection closed by authenticating user harsh 10.10.1.1 port 47724 > [preauth] -- _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
